On Tue, Oct 28, 2008 at 04:24:02PM +0100, Hans Vosbergen wrote:
> Hi Misc,
>
> I am trying to make OpenBGPD work as a route-server for a little hobby
> project I am working on.
>
> As it's very hard to find configuration examples for this usage on the web I
> have to turn here.
>
> What I am trying to achieve:
> - A route-server acting as a transparent route distributor.
> - Control by neighbours who their prefixes are announced to, based on
>   communities.
>
> Making OpenBGP work as a transparent AS was the easy part. However I'm stuck
> in the communities control part.
>
> How it is supposed to work: my route-server has AS1234 in my test
> environment.
>
> If a neighbour announces:
> 1. { community 1234:1234 } -- Their prefixes will be announced to EVERY
>    other neighbour.
> 2. { community 1234:<AS> } -- Their prefixes will ONLY be announced to <AS>,
>    ie: 1234:8943 will only send the prefixes to AS8943.
> 3. { community 1234:1234 1234:<AS> } -- Their prefixes will be announced to
>    every other neighbour EXCEPT <AS>.
>
> I have been able to achieve the first 2 ways the prefix control should work,
> but I can't manage to get the 3rd to work. Before moving to OpenBGPD I
> managed to produce the way I want it to work in Quagga but I simply do not
> want to use that.
>
> Would anyone have an idea on how to make OpenBGPD not announce prefixes to
> specific neighbours if they appear in the 1234:1234 1234:<AS> list?
>
The route server I set up uses more or less this config:

    # global configuration
    AS $ASNUM
    router-id $IP
    transparent-as yes

    network $LAN

    group RS {
            announce all
            max-prefix 5000 restart 15
            set nexthop no-modify
            # softreconfig in no

            neighbor $LAN {
                    descr "RS peer"
                    passive
            }
    }

    # filter out prefixes longer than 24 or shorter than 8 bits
    deny from any prefixlen 8 >< 24

    # do not accept a default route, multicast and experimental networks
    deny from any prefix 0.0.0.0/0
    deny from any prefix 10.0.0.0/8 prefixlen >= 8
    deny from any prefix 127.0.0.0/8 prefixlen >= 8
    deny from any prefix 169.254.0.0/16 prefixlen >= 16
    deny from any prefix 172.16.0.0/12 prefixlen >= 12
    deny from any prefix 192.0.2.0/24 prefixlen >= 24
    deny from any prefix 192.168.0.0/16 prefixlen >= 16
    deny from any prefix 224.0.0.0/4 prefixlen >= 4
    deny from any prefix 240.0.0.0/4 prefixlen >= 4

    # we set this community to identify from where
    # a route was learned:
    match from any set community $ASNUM:neighbor-as

    # 1. Prepend RS $ASNUM to *all* RS-Peers
    match from group RS community $ASNUM:65500 set prepend-self 1

    # 2. Prepend RS $ASNUM to *selected* RS-Peer N-times
    #    (N can be 1 to 3)
    match to group RS community 65501:neighbor-as set prepend-self 1
    match to group RS community 65502:neighbor-as set prepend-self 2
    match to group RS community 65503:neighbor-as set prepend-self 3

    # 3. Do *not* announce to RS-Peers with AS AAAA
    deny to group RS community $ASNUM:neighbor-as

    # 4. Do *not* announce to *ANY* RS-Peers
    deny to group RS community $ASNUM:65535

    # 5. Prepend own announcement by one
    match to group RS prefix $LAN set prepend-self 1

Works like a champ without any additional per peer config :)

-- 
:wq Claudio
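A filter set for the three cases in the original question, added here as an illustration; it is not Claudio's config and not taken from the OpenBGPD documentation. It relies on bgpd evaluating filter rules in order with the last matching rule winning, and assumes the route server's AS is 1234 as in the question, the peers sit in a group named RS, routes carrying none of the control communities are not redistributed at all, and the bgpd release in use accepts more than one community clause per rule and wildcards in community delete (newer OpenBGPD releases do; the 2008 release discussed in this thread may not).

```conf
# Added example for the three community cases in the question.
# Assumptions: route server AS is 1234, peers are in group RS, and the
# bgpd in use allows several "community" clauses in one rule.
# Rules are evaluated in order and the LAST matching rule wins, so the
# more specific rules are placed after the general ones.

# default: hand nothing on to route-server peers unless a community says so
deny to group RS

# case 1: 1234:1234 -> announce to every other peer
allow to group RS community 1234:1234

# case 2: 1234:<AS> on its own -> announce only to the peer with that AS
# ("neighbor-as" expands to the AS of the peer the route is being sent to)
allow to group RS community 1234:neighbor-as

# case 3: 1234:1234 together with 1234:<AS> -> everyone except <AS>
# both communities must be present for this rule to match, so it
# overrides the two allow rules above only for the peer named in 1234:<AS>
deny to group RS community 1234:1234 community 1234:neighbor-as

# strip the control communities on the way out so a peer cannot learn or
# replay another peer's export policy from what it receives
match to group RS set community delete 1234:*
```

Checking a change with `bgpd -n -f /etc/bgpd.conf` before reloading catches a rule the running release does not parse, and `bgpctl show rib out neighbor <peer>` shows which prefixes the rules actually let through to a given peer.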